How do you establish trust in an AI SOC, especially in a regulated environment? Grant Oviatt, Head of SOC at Prophet Security and a former SOC leader at Mandiant and Red Canary, tackles this head-on as a self-proclaimed "AI skeptic". Grant shared that after 15 years of being "scared to death" by high-false-positive AI, modern LLMs have changed the game. The key to trust lies in two pillars: explainability (is the decision reasonable?) and traceability (can you audit the entire data trail, including all 40-50 queries?). Grant talks about the critical architectural components for regulated industries, including single-tenancy, bring-your-own-cloud (BYOC) for data sovereignty, and model portability. In this episode we compare AI SOC to traditional MDRs and talk about real-world "bake-off" results where an AI SOC had 99.3% agreement with a human team on 12,000 alerts but was 11x faster, with an average investigation time of just four minutes.

Guest Socials - Grant's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
Cloud Security Podcast - Youtube
Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

(00:00) Introduction
(02:00) Who is Grant Oviatt?
(02:30) How to Establish Trust in an AI SOC for Regulated Environments
(03:45) Explainability vs. Traceability: The Two Pillars of Trust
(06:00) The "Hard SOC Life": Pre-AI vs. AI SOC
(09:00) From AI Skeptic to AI SOC Founder: What Changed?
(10:50) The "Aha!" Moment: Breaking Problems into Bite-Sized Pieces
(12:30) What Regulated Bodies Expect from an AI SOC
(13:30) Data Management: The Key for Regulated Industries (PII/PHI)
(14:40) Why Point-in-Time Queries are Safer than a SIEM
(15:10) Bring-Your-Own-Cloud (BYOC) for Financial Services
(16:20) Single-Tenant Architecture & No Training on Customer Data
(17:40) Bring-Your-Own-Model: The Rise of Model Portability
(19:20) AI SOC vs. MDR: Can it Replace Your Provider?
(19:50) The 4-Minute Investigation: Speed & Custom Detections
(21:20) The Reality of Building Your Own AI SOC (Build vs. Buy)
(23:10) Managing Model Drift & Updates
(24:30) Why Prophet Avoids MCPs: The Lack of Auditability
(26:10) How Far Can AI SOC Go? (Analysis vs. Threat Hunting)
(27:40) The Future: From "Human in the Loop" to "Manager in the Loop"
(28:20) Do We Still Need a Human in the Loop? (95% Auto-Closed)
(29:20) The Red Lines: What AI Shouldn't Automate (Yet)
(30:20) The Problem with "Creative" AI Remediation
(33:10) What AI SOC is Not Ready For (Risk Appetite)
(35:00) Gaining Confidence: The 12,000 Alert Bake-Off (99.3% Agreement)
(37:40) Fun Questions: Iron Mans, Texas BBQ & Seafood

Thank you to Prophet Security for sponsoring this episode.
Guests: Alexander Pabst, Deputy Group CISO, Allianz
Lars Koenig, Global Head of D&R, Allianz

Topics:
Moving from traditional SIEM to an agentic SOC model, especially in a heavily regulated insurer, is a massive undertaking. What did the collaboration model with your vendor look like?
Agentic AI introduces a new layer of risk - that of unconstrained or unintended autonomous action. In the context of Allianz, how did you establish the governance framework for the SOC alert triage agents? Where did you draw the line between fully automated action and the mandatory "human-in-the-loop" for investigation or response?
Agentic triage is only as good as the data it analyzes. From your perspective, what were the biggest challenges - and wins - in ensuring the data fidelity, freshness, and completeness in your SIEM to fuel reliable agent decisions?
We've been talking about SOC automation for years, but this agentic wave feels different. As a deputy CISO, what was your primary, non-negotiable goal for the agent? Was it purely Mean Time to Respond (MTTR) reduction, or was the bigger strategic prize to fundamentally re-skill and uplevel your Tier 2/3 analysts by removing the low-value alert noise?
As you built this out, were there any surprises along the way that left you shaking your head or laughing at the unexpected AI behaviors?
We felt a major lack of proof - Anton kept asking for pudding - that any of the agentic SOC vendors we saw at RSA had actually achieved anything beyond hype! When it comes to your org, how are you measuring agent success? What are the key metrics you are using right now?

Resources:
EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
EP242 The AI SOC: Is This The Automation We've Been Waiting For?
EP249 Data First: What Really Makes Your SOC 'AI Ready'?
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
"Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" blog
"How Google Does It: Building AI agents for cybersecurity and defense" blog
Company annual report to look for risk
"How to Win Friends and Influence People" by Dale Carnegie
"Will It Make the Boat Go Faster?" book
In this episode of the Need to Know Podcast, we explore the evolving landscape of learning in the Microsoft Cloud ecosystem, with a spotlight on the SMB market. From the latest in Microsoft 365 Copilot innovations to critical cybersecurity updates and the end of CIAOPS Academy, this episode delivers essential insights for IT professionals and business leaders navigating the modern digital workplace.

Resources
Explore the tools, communities, and content mentioned in this episode:
CIAOPS Need to Know Podcast: https://ciaops.podbean.com/
CIAOPS Blog: https://blog.ciaops.com/
CIAOPS Labs: https://blog.ciaopslabs.com/
CIAOPS Brief: https://blog.ciaops.com/tag/cia-brief/
Join the Teams Shared Channel: https://blog.ciaops.com/2022/07/29/join-my-teams-shared-channel/
CIAOPS Merch Store: https://my-store-c5d877-2.creator-spring.com/
Become a Patron: https://www.ciaopspatron.com/
Direct Support: https://ko-fi.com/ciaops
Get Your M365 Questions Answered: https://blog.ciaops.com/2025/06/11/get-your-m365-questions-answered-via-email-2/
Test Your Microsoft 365 Speed: https://blog.ciaops.com/2025/07/21/test-your-microsoft-365-speed-in-seconds-for-free/
CIAOPS Email list - https://bit.ly/cia-email

Announcements
Flight School: Mastering Copilot for IT Pros – https://blog.ciaops.com/2025/11/14/flight-school-mastering-copilot-for-it-pros/
Disabling Office Macros via ASR to Meet Essential Eight Requirements – https://blog.ciaops.com/2025/11/13/disabling-office-macros-via-asr-to-meet-essential-eight-requirements/
ASD OWA settings check script – https://blog.ciaops.com/2025/11/13/asd-owa-settings-check-script/
ASD Mailflow settings check script – https://blog.ciaops.com/2025/11/12/asd-mailflow-settings-check-sript/
CIAOPS Academy deprecation notification – https://blog.ciaops.com/2025/11/10/ciaops-academy-deprecation-notification/

Show Notes
The next chapter of the Microsoft–OpenAI partnership – https://blogs.microsoft.com/blog/2025/10/28/the-next-chapter-of-the-microsoft-openai-partnership/
Automate with Workflows Agent in Microsoft 365 Copilot (Frontier) – https://www.youtube.com/watch?v=Vvk1ScZT-lo
Introducing Researcher with Computer Use in Microsoft 365 Copilot – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-researcher-with-comput…
Build apps in minutes with App Builder agent in Microsoft 365 Copilot (Frontier) – https://www.youtube.com/watch?v=v27H_R1ltB0
Microsoft 365 Copilot now enables you to build apps and workflows – https://www.microsoft.com/en-us/microsoft-365/blog/2025/10/28/microsoft-365-copilot-now-enables-you
Introducing Teams Mode for Microsoft 365 Copilot – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-teams-mode-for-microso…
Introducing MAI-Image-1, debuting in the top 10 on LMArena – https://microsoft.ai/news/introducing-mai-image-1-debuting-in-the-top-10-on-lmarena/
Building human-centric security skills for AI – https://techcommunity.microsoft.com/blog/microsoftlearnblog/building-human-centric-security-skills-…
GenAI vs Cyber Threats: Why GenAI Powered Unified SecOps Wins – https://techcommunity.microsoft.com/blog/microsoft-security-blog/genai-vs-cyber-threats-why-genai-p…
What's new in Microsoft 365 Copilot | October 2025 – https://techcommunity.microsoft.com/blog/Microsoft365CopilotBlog/what%E2%80%99s-new-in-microsoft-36…
The 5 generative AI security threats you need to know about detailed in new e-book – https://www.microsoft.com/en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-n…
SharePoint Showcase highlights: Smarter Copilot responses using metadata with the Knowledge Agent – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/sharepoint-showcase-highlights-sma…
Work smarter with Copilot in the People, Files, and Calendar apps – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/work-smarter-with-copilot-in-the-p…
The weakest link: Stolen staff passwords now the biggest cyber threat to workplaces – https://www.smh.com.au/politics/federal/the-weakest-link-stolen-staff-passwords-now-the-biggest-cyb…
Cyber security priorities for boards of directors 2025-26 – https://www.cyber.gov.au/business-government/protecting-business-leaders/cyber-security-for-busines…
Secure external attachments with Purview encryption – https://techcommunity.microsoft.com/blog/azurepurviewblog/secure-external-attachments-with-purview-…
What's New in Microsoft Intune: October 2025 – https://techcommunity.microsoft.com/blog/microsoftintuneblog/what%E2%80%99s-new-in-microsoft-intune…
Custom detections are now the unified experience for creating detections in Microsoft Defender – https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/custom-detections-are-now-th…
10 ways Microsoft Intune supports a smooth upgrade to Windows 11 – https://techcommunity.microsoft.com/blog/microsoftintuneblog/10-ways-microsoft-intune-supports-a-sm…
How Windows 11 and AI are transforming the future of work – https://techcommunity.microsoft.com/blog/windows-itpro-blog/how-windows-11-and-ai-are-transforming-…
Security Copilot Agents: The New Era of AI, Driven Cyber Defense – https://techcommunity.microsoft.com/blog/microsoft-security-blog/security-copilot-agents-the-new-er…
6 truths about migrating Microsoft Sentinel to the Defender portal – https://techcommunity.microsoft.com/blog/microsoftsentinelblog/6-truths-about-migrating-microsoft-s…
Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM – https://www.microsoft.com/en-us/security/blog/2025/10/16/microsoft-named-a-leader-in-the-2025-gartn…
Extortion and ransomware drive over half of cyberattacks – https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
Microsoft 365 Insider Round-Up: October 2025 – https://www.linkedin.com/pulse/microsoft-365-insider-round-up-october-2025-microsoft-365-insider-ub…
Making every Windows 11 PC an AI PC – https://blogs.windows.com/windowsexperience/2025/10/16/making-every-windows-11-pc-an-ai-pc/
Microsoft raises the bar: A smarter way to measure AI for cybersecurity – https://www.microsoft.com/en-us/security/blog/2025/10/14/microsoft-raises-the-bar-a-smarter-way-to-…
Building a lasting security culture at Microsoft – https://www.microsoft.com/en-us/security/blog/2025/10/13/building-a-lasting-security-culture-at-mic…
Satya – My annual letter: Thinking in decades, executing in quarters – https://www.linkedin.com/pulse/my-annual-letter-thinking-decades-executing-quarters-satya-nadella-7…
When “Normal” Doesn't Work: Rethinking Data and the Role of the SOC Analyst

Monzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors.

Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world's largest banks. His message is clear: the industry's long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can't meaningfully investigate.

The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms.

Crogl's approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization.

For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise.

The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. As Merza puts it, the new normal is no normalization—just real work, done better.

Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdk
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content. Learn more.

GUEST
Monzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/

RESOURCES
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Brand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Based on artificial intelligence that centralizes security telemetry from endpoints, networks and cloud environments, Bitdefender's GravityZone Security Data Lake aims to optimize threat detection and reduce the costs of traditional event management (SIEM) systems.
Guest: Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng

Topics:
Are we really coming to "access to security data" and away from "centralizing the data"? How to detect without the same storage for all logs?
Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon?
Tell us about the issues with log pipelines in the past?
What about enrichment? Why do it in a pipeline, and not in a SIEM?
We are unable to share enough practices between security teams. How are we fixing it? Is pipelines part of the answer?
Do you have a piece of advice for people who want to do more than save on their SIEM costs?

Resources:
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
Axoflow podcast and Anton on it
"Decoupled SIEM: Where I Think We Are Now?" blog
"Decoupled SIEM: Brilliant or Stupid?" blog
"Output-driven SIEM — 13 years later" blog
In this episode of Techzine Talks we discuss application and data security with Steven Maes (Sales Director Benelux) and Shailes Nanda (Principal Channel Sales Engineer) from Thales. We dive deep into the world of API security, web application firewalls, bot protection and data risk analytics.

The guests talk about the integration of Imperva into Thales and how this forms a complete platform for data and application security. From encryption and key management to detecting advanced bot attacks and monitoring user behaviour, this episode offers a comprehensive overview of modern security challenges and solutions.

Practical cases are also covered, such as how organizations can filter millions of security events down to a handful of relevant incidents with the help of AI and machine learning. A must-watch for anyone involved in enterprise security.

Chapters:
0:22 - Welcome and introduction
1:02 - Imperva becomes part of Thales
3:00 - Data security and encryption
4:58 - Application security and web application firewall
6:48 - API security and bot protection
9:55 - Data risk analytics and monitoring
27:02 - Platform approach and integrations
33:07 - The future of cybersecurity
Command and Control ... what does it actually mean? At what stage does this "phone-home-to-central-station" scenario play out? Mattias Jadesköld and Erik Zalitis untangle the concept and take you through an advanced attack pattern, stopping at precisely the Command and Control step! How has it evolved over the years? How can you detect whether someone is inside the network? And why can it be a fun task for someone who works with a log analysis tool (SIEM)?
Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.

Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.

Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via the Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast.

Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is the author of the books "Security Warrior", "PCI Compliance" and "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.
Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce, spoke about the reality being far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes.

We speak about the foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the information they need to function accurately. The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection.

This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".

Guest Socials - Ariful's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
Cloud Security Podcast - Youtube
Cloud Security Newsletter
Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:30) Who is Ariful Huq?
(03:40) Can You Just Use Claude Code to Build an AI SOC?
(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs
(08:15) The Importance of Data: Beyond Logs to Config, Code & Context
(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)
(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs
(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges
(17:20) Why SIEM Might Not Be Good Enough Anymore
(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy
(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing
(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)
(31:40) Building Trust & Transparency in AI SOCs
(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer
(42:15) Final Questions: Running, Family, and Turkish Food
Headlines about a massive F5 Big-IP exposure aren't noise—they're a masterclass in why Security Operations must be disciplined, fast, and auditable. We open with what the F5 situation means for enterprise risk, patch urgency, and long-term persistence threats, then shift into a practical, exam-ready walkthrough of CISSP Domain 7. The goal: help you think like an operator and answer like a pro when pressure spikes.

We map investigations from preparation to presentation, showing how evidence collection, handling, and chain of custody turn raw logs into defensible findings. You'll hear how live versus dead forensics trade-offs play out, which artifacts matter across endpoints, networks, and mobile, and why standardized procedures keep teams synchronized. From there, we connect visibility to action: IDS and IPS for detection and control, SIEM for correlation and retention, and egress monitoring to catch data theft and command-and-control that slip past perimeter thinking. Threat intelligence and UEBA add context and behavior baselines so you find the meaningful anomalies without drowning in alerts.

We also dig into the operational backbone that keeps environments stable: configuration management, security baselines, and automation to eliminate drift and reduce manual error. Then we anchor on foundational principles—least privilege, need-to-know, separation of duties, job rotation, and PAM—to limit blast radius when credentials or processes fail. Finally, we close with resource protection and media management: classification, encryption, verifiable backups, and secure disposal and transport, so your controls hold up under legal scrutiny and real-world adversaries.

Whether you're tightening controls after the F5 news or sharpening focus for the CISSP, this guide to Domain 7 gives you a clear, actionable path. If this was helpful, follow the show, share it with a teammate, and leave a quick review—what Security Operations topic should we explore next?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Welcome back to Azure Italia Podcast, the Italian-language podcast about Microsoft Azure! So you don't miss any new episode, click the FOLLOW button in your player.
Has your company already held its annual shareholders' meeting? In this episode of Hablemos Derecho con PDLC, Mauricio Portillo and Gaby González explain why holding it is mandatory, what tax consequences failing to do so can have, and how to get back into compliance. We also tell you what the SIEM is and how to avoid fines for not registering.
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
https://www.jeffersonfisher.com/

A spike in ransomware on the factory floor isn't just a headline; it's a stress test for how we design, segment, and measure our defenses. We open with the realities of manufacturing risk—legacy OT, flat networks, and high stakes for uptime—then translate that urgency into a practical walkthrough of CISSP Domain 6: the assessments, testing, and metrics that actually prove security works. Along the way, we share a surprising leadership edge from a trial lawyer's communication book that helps you argue less, align faster, and get executive buy‑in when the first vuln report lights up like a Christmas tree.

We break down internal vs external audits and when each makes sense, plus a smart cadence for third‑party and supply chain reviews that acknowledges your perimeter now includes APIs and vendor tunnels. From vulnerability scans and scoped penetration tests to SIEM‑driven log reviews and synthetic transactions, we map out a toolkit that catches issues before users do. We go deeper on secure code reviews, unit/integration testing, and interface testing for APIs, because the quiet paths between services are often where real risk hides.

Then we shift to the machinery of proof: breach and attack simulation for continuous validation, compliance checks to spot drift, and the metrics that matter—MTTD, MTTR, patch rates, vuln density, mean time to report. We lay out how to run account reviews, verify backups you can trust, and exercise DR/BC so recovery is muscle memory. Finally, we tackle remediation prioritization, exception handling with compensating controls, and ethical disclosure that minimizes harm while nudging vendors to act. If you're preparing for the CISSP or elevating your program, you'll leave with a clearer map and concrete next steps.

If this helped, follow the show, share it with a teammate, and drop a review—what's one control or metric you're upgrading this quarter?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Parce que… c'est l'épisode 0x640! Shameless plug 12 au 17 octobre 2025 - Objective by the sea v8 14 et 15 octobre 2025 - ATT&CKcon 6.0 14 et 15 octobre 2025 - Forum inCyber Canada Code rabais de 30% - CA25KDUX92 4 et 5 novembre 2025 - FAIRCON 2025 8 et 9 novembre 2025 - DEATHcon 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2026 Description Introduction et parcours professionnel Mathieu Saulnier, connu sous le pseudonyme “Scooby” dans la communauté de cybersécurité, possède une vingtaine d'années d'expérience dans le domaine. Son parcours l'a mené d'un grand fournisseur internet et de télécommunications vers la gestion d'un SOC (Security Operations Center), puis vers des rôles de recherche sur les menaces pour des vendeurs de SIEM et d'EDR. Aujourd'hui, il occupe le poste de product manager pour BloodHound Community Edition chez SpecterOps, une position qu'il a obtenue grâce à ses nombreuses présentations sur BloodHound au fil des années. BloodHound version 8 et la révolution OpenGraph La version 8 de BloodHound représente une évolution majeure de l'outil. La fonctionnalité phare est OpenGraph, qui permet d'ingérer n'importe quel type de données dans le graphe et de créer ses propres chemins d'attaque pour différentes technologies. Historiquement, BloodHound se concentrait exclusivement sur Active Directory et Azure/Entra ID, mais cette limitation appartient désormais au passé. Avec le lancement d'OpenGraph, SpecterOps a publié plusieurs nouveaux collecteurs pour diverses technologies : One Password, Snowflake, et Jamf (pour la gestion des postes de travail Mac). La communauté a réagi avec enthousiasme, puisqu'en seulement 48 heures après l'annonce, un contributeur externe a créé un collecteur pour Ansible. Plus récemment, un collecteur pour VMware vCenter et ESXi a également vu le jour, démontrant l'adoption rapide de cette nouvelle capacité. 
La distinction fondamentale : access path versus attack path Mathieu utilise une analogie éclairante avec Google Maps pour expliquer la différence entre un chemin d'accès et un chemin d'attaque. Google Maps montre les chemins autorisés selon différents modes de transport (voiture, vélo, transport en commun), chacun ayant ses propres règles et restrictions. C'est l'équivalent d'un graphe d'accès qui indique où on a le droit d'aller. Un chemin d'attaque, en revanche, représente la perspective d'un adversaire qui ne se préoccupe pas des règlements. L'exemple donné est celui d'une voiture roulant sur une piste cyclable à Montréal : c'est interdit, on sait qu'on risque une contravention, mais c'est techniquement possible. Dans le monde numérique, les conséquences sont souvent moins immédiates et moins visibles, ce qui explique pourquoi les attaquants exploitent régulièrement ces chemins non conventionnels. L'évolution du modèle de données BloodHound a commencé modestement avec seulement trois types d'objets (utilisateurs, groupes et ordinateurs) et trois types de relations (member of, admin et session). Depuis, le modèle s'est considérablement enrichi grâce aux recherches menées par SpecterOps et d'autres organisations. Des propriétés comme le Kerberoasting ont été ajoutées, permettant d'identifier les objets vulnérables à ce type d'attaque et d'élever ses privilèges. La vraie puissance d'OpenGraph réside dans la capacité de relier différents systèmes entre eux. Par exemple, si un attaquant compromet le poste d'un utilisateur ayant accès à un dépôt GitHub, il peut voler les tokens et sessions pour effectuer des commits au nom de cet utilisateur, potentiellement dans une bibliothèque largement utilisée, ouvrant ainsi la voie à une attaque de la chaîne d'approvisionnement (supply chain attack). Cette interconnexion multi-dimensionnelle des systèmes était difficile à visualiser mentalement, mais le graphe la rend évidente. 
Creating OpenGraph collectors: requirements and best practices
For a collector to be accepted into the official list of community projects, certain standards must be met. The connector must come with documentation detailing the minimum permissions required (principle of least privilege), explaining how it works, the supported operating systems, and the required dependencies. The documentation should also include references on how to exploit or defend against the identified vulnerabilities. Although not mandatory, custom visual elements (icons and colors) are strongly recommended to ensure visual consistency across the community. Since the project is open source, users can always modify these elements to their liking. One crucial aspect is providing pre-built Cypher queries. Without them, a user who does not know Cypher could import all the data and then find themselves stuck when trying to make use of it.

The Cypher language and data access
BloodHound runs on a graph database, historically Neo4j, but now also PostgreSQL thanks to a conversion module. The query language is Cypher, which has a particular syntax. To make the tool more accessible, SpecterOps maintains a Cypher library containing many queries created by the team and the community. These queries can be run directly from the BloodHound portal. The company is also exploring the use of LLMs (Large Language Models) to generate Cypher queries automatically, although the public corpus of BloodHound-specific data is still limited. Future avenues include using MCP (Model Context Protocol) and agentic approaches to improve query generation.
Defensive and offensive use: two sides of the same coin
Mathieu points out that the same Cypher queries can serve both blue (defensive) teams and red (offensive) teams. The difference lies in the intent and in how the results are used, not in the tools themselves. It is the equivalent of a hammer, which can build or destroy depending on who wields it. For defensive use, BloodHound Enterprise offers advanced features such as near-continuous scanning, automatic identification of critical choke points, and remediation tools. Even the free Community edition lets you uncover major vulnerabilities on the very first run.

Concrete examples and use cases
Mathieu shares striking examples of findings made with BloodHound. In a company of more than 60,000 employees, he identified a server on which all domain users had accidentally been configured as local administrators. Since a domain administrator account logged into that server regularly, any user could become a domain administrator in just three steps: RDP to the server, dump memory to recover the token, then a pass-the-hash attack. Another recent case involved a domain administrator's login script stored in a world-writable directory. By placing a simple script there that displayed a popup, the security team quickly received a notification proving the vulnerability.

New features: the table view
Although less spectacular than OpenGraph, the "table view" feature meets a real need. The famous 2015 quote from Microsoft's John Lambert says: "Attackers think in graphs, defenders think in lists. As long as that remains true, attackers will win." Although graph visualization is BloodHound's central paradigm, some analyses call for a tabular view. For example, a query identifying all Kerberoastable accounts returns many dots on screen, but without detailed information about privileges or group membership. The table view lets you choose which columns to display and export the data to JSON (and soon CSV), making analysis and information sharing easier.

Deathcon Montréal: the conference for defenders
Alongside his work on BloodHound, Mathieu is the Montréal site lead for Deathcon (Detection Engineering and Threat Hunting Conference). This unique conference, entirely focused on hands-on workshops, takes place over two days in November. Unlike traditional conferences, all workshops are pre-recorded, letting participants work at their own pace. The event is deliberately capped at 50 people to keep a human scale and encourage interaction. Participants get access to a massive lab including Splunk, Elastic, Sentinel and Security Onion, and keep that access for at least a month after the event. With no sponsors, the conference is funded entirely by ticket sales, and the 2024 edition has already sold more than 30 seats, with many participants from the previous year returning.

Conclusion
BloodHound with OpenGraph is a major evolution in visualizing and analyzing attack paths in cybersecurity. By allowing multiple technologies beyond Active Directory to be integrated, the tool now offers a holistic view of organizational vulnerabilities. Whether for defense or penetration testing, BloodHound keeps demonstrating that thinking in graphs rather than in lists is a decisive strategic advantage in security.
Contributors: Nicolas-Loïc Fortin, Mathieu Saulnier
Credits: Editing by Intrasecure inc. Physical premises provided by Bsides Montréal.
Amira Aly lets us look deep into her soul. Our conversation is honest and impressively reflective. She talks about her childhood without a father and the image of men that grew out of it, and about how it affects her relationships to this day. After the separation from Oli Pocher, both are trying to remain a good family. That this was not always easy is something we all witnessed. But something has changed. What that is, we discuss today. At one point I too break down in tears. Why, you will find out in this episode. But where does the pain come from? Amira tells of situations from her childhood and teenage years, about the anger and the loneliness, and about things she has never spoken about publicly before. When what we long for most is not there, we women have to become strong and rely on ourselves. That is a good thing. But it also has its dark sides. But conversations help. Always. It's nice that you are part of this.
In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication, and it's time to burn it all down and start over. Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking
Growth without Interruption. Get peace of mind. Stay Competitive - Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data management. Allie explains why the traditional L1, L2, L3 SOC model, long considered a "rite of passage" that leads to burnout, is being replaced by a more agile and effective Detection Engineering structure. As a self-proclaimed "AI skeptic," she cuts through the marketing hype to reveal what's real and what's not, arguing that while we are "not really at the point of agentic" AI, the real value lies in specialized triage and investigation agents.

Guest Socials - Allie's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:35) Who is Allie Mellen?
(03:15) What is Security Operations in 2025? The SIEM & XDR Shakeup
(06:20) The Rise of Security Data Lakes & Data Pipeline Tools
(09:20) A "Great Reset" is Coming for the SOC
(10:30) Why the L1/L2/L3 Model is a Burnout Machine
(13:25) The Future is Detection Engineering: An "Infinite Loop of Improvement"
(17:10) Using AI Hallucinations as a Feature for New Detections
(18:30) AI in the SOC: Separating Hype from Reality
(22:30) What is "Agentic AI" (and Are We There Yet?)
(26:20) "No One Knows How to Secure AI": The Detection & Response Challenge
(28:10) The Critical Role of Observability Data for AI Security
(31:30) Are SOC Teams Actually Using AI Today?
(34:30) How to Build a SOC Team in the AI Era: Uplift & Upskill
(39:20) The 3 Things to Look for When Buying Security AI Tools
(41:40) Final Questions: Reading, Cooking, and Sushi

Resources: You can read Allie's blogs here
Marieke had a strong desire to have children from an early age, but also sensed that it would not happen by itself. After an intensive fertility journey with six IUI treatments and two IVF rounds, she became pregnant. The pregnancy was hard: she developed serious heart problems, which caused a great deal of worry and required close medical supervision. In the end the pregnancy ended in a caesarean section. After the birth of her son Siem, Marieke fell into a postpartum depression, which made the start of motherhood extra difficult. With professional help and the support of her family, she managed, step by step, to regain her strength and build the bond with her child.
Follow me on Instagram too: @medisien
And would you like to join the free online training 'Omgaan met pijn tijdens de bevalling' (Coping with pain during labour)? You can find more information here!
October is Cybersecurity awareness month. Get ready to explore the imperative of cyber resiliency in today's digital landscape, focusing on strategies for robust data infrastructures and shared responsibility to plan and recover from cyber attacks. Join Pure Storage cyber experts Scott Taylor and Jason Walker as they delve into the critical aspects of cyber resilience. Learn best practices around how to prepare your organization for potential threats, respond effectively during an attack, and recover swiftly to maintain business continuity. We explore essential hygiene factors, the role of SIEM technology, and the importance of a layered resilience strategy, including insights from key alliance partners like Varonis and Superna. We also cover ways that Pure Storage empowers users to withstand cyberattacks and accelerate both cyber and disaster recovery. Hear best practices on how to protect data from ransomware and cyber threats through high-performance, layered resilience, robust data security and immutability, and seamless security integrations. Scott and Jason also tackle common myths and misconceptions about cyber resilience, providing actionable advice to help IT leaders identify and address blind spots. Tune in for hot takes on industry trends and a "Storage Confessions" segment where listeners can share their own screw-up stories.
"I think the biggest trap to potentially fall into is, "Hey, it's moving so fast, so much is changing. Let's just wait it out." Completely the wrong approach. You just gotta get started." - Nick Eayrs from Databricks
"As tech people within the shipping industry, how do we explain, how do we make it accessible to all our users? So that's where we came up with the idea of a data supermarket, with in mind really the target of enabling self-service for our business. So by giving the analogy of a supermarket, it was much easier at the beginning to explain our business." - Simon Fassot from Hafnia

Fresh out of the studio, Nick Eayrs, Vice President of Field Engineering for Asia Pacific and Japan at Databricks, and Simon Fassot, General Manager and Head of Global Data and Analytics at Hafnia, join us to explore how data intelligence is transforming enterprise AI across diverse industries in Asia. Nick explained the fundamental distinction between general intelligence and data intelligence, emphasizing how enterprises gain competitive advantage by training AI on their proprietary data rather than public knowledge. Nick showcased customer success stories including Standard Chartered Bank and TechComBank and shared his perspectives on how senior executives can take advantage of AI by moving fast rather than waiting and seeing. Last but not least, Nick offered what great would look like for Databricks in Asia Pacific and Japan in serving their customers. Adding the lens of the customer, Simon shared Hafnia's transformation from legacy SQL Server systems to a unified Databricks architecture serving their global shipping operations and elaborated on how the company is breaking down silos with their data supermarket and "Marvis" AI copilot for maritime operations based on retrieval augmented generation. This is Part 1 from Databricks Data + AI Event Singapore.
Episode Highlights:
[00:00] QOTD by Nick Eayrs and Simon Fassot
[00:49] Introduction: Nick Eayrs from Databricks
[03:32] Customer obsession means deeply understanding their business context
[05:22] Data intelligence versus artificial general intelligence explanation begins
[06:42] AI trained on your data creates competitive advantage
[08:17] Only 15% of companies have correct AI infrastructure ready
[11:17] Don't wait for AI perfection, just get started now
[12:30] Agent Bricks simplify AI development using natural language
[13:49] Standard Chartered Bank cybersecurity use case with SIEM
[16:22] TechCom Bank in Vietnam customer brain with 12,000 customer attributes
[18:32] Shared responsibility model for ethical AI deployment
[25:24] Asia Pacific psychology focuses on future, not past
[26:28] Most important question: How do you get started?
[30:18] What does great look like for Databricks?
[33:16] Introduction: Simon Fassot from Hafnia
[35:18] How Hafnia transformed to full cloud architecture centralizes data through Databricks
[36:28] Self-service access needed for 300 onshore, 4000 vessel employees
[37:00] Three user types: operations, business intelligence, domain experts and Use Cases for Hafnia
[41:32] Unity catalog controls data quality for AI cases
[42:21] Two-phase Gen AI: ingest unstructured, then consume data
[44:25] How to implement Generative AI: One bad AI answer loses all user trust
[45:31] How reports in Hafnia use RAG embedded in workflows
[46:47] Data supermarket analogy simplifies self-service for business
[48:39] Marvis AI personalizes Gen AI within company context
[49:46] Neo4j partnership adds graph capabilities to ecosystem
[53:33] DNA Port platform unifies scattered dashboards and applications
[54:22] Databricks enables focus on business value over operations

Profiles:
Nick Eayrs, Vice President of Field Engineering, Asia Pacific & Japan at Databricks. LinkedIn: https://www.linkedin.com/in/nick-eayrs/
Simon Fassot, General Manager and Head of Global Data and Analytics at Hafnia. LinkedIn: https://www.linkedin.com/in/simon-fassot-68b95135/

Podcast Information: Bernard Leong hosts and produces the show. The proper credits for the intro and end music are "Energetic Sports Drive." G. Thomas Craig mixed and edited the episode in both video and audio format. Here are the links to watch or listen to our podcast.
Analyse Asia Main Site: https://analyse.asia
Analyse Asia Spotify: https://open.spotify.com/show/1kkRwzRZa4JCICr2vm0vGl
Analyse Asia Apple Podcasts: https://podcasts.apple.com/us/podcast/analyse-asia-with-bernard-leong/id914868245
Analyse Asia LinkedIn: https://www.linkedin.com/company/analyse-asia/
Analyse Asia X (formerly known as Twitter): https://twitter.com/analyseasia
Sign Up for Our This Week in Asia Newsletter: https://www.analyse.asia/#/portal/signup
Subscribe to the Newsletter on LinkedIn: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7149559878934540288
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
DShield SIEM Docker Updates
Guy updated the DShield SIEM, which graphically summarizes what is happening inside your honeypot. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276
Again: Sonicwall SSL VPN Compromises
The Australian Government's Signals Directorate noted an increase in compromised Sonicwall devices. https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/ongoing-active-exploitation-of-sonicwall-ssl-vpns-in-australia
Website Keystroke Logging
Many websites log every keystroke, not just data submitted in forms. https://arxiv.org/pdf/2508.19825
Dave Herrald, Global Head of Cybersecurity GTM at Databricks, tells Jack about transforming security operations through modern data lake architectures and strategic AI implementation. He discusses the practical benefits of separating storage from compute, giving security teams direct control over data retention while maintaining operational flexibility. The conversation explores how organizations can move beyond traditional SIEM limitations by leveraging cost-effective data lake storage with advanced analytics capabilities. They touch on AI agents in security, where Dave advocates for focused agents over broad analyst replacement approaches. He also addresses common concerns about hallucinations, framing them as engineering challenges rather than insurmountable obstacles, and shares real-world examples of successful agent implementations.

Topics discussed:
Moving from traditional SIEM architectures to modern data lake approaches for cost-effective security analytics and data control.
Implementing focused AI agents for specific security tasks like context gathering rather than attempting broad analyst replacement.
Leveraging graph analytics for security operations including CMDB visualization, breach scoping, and vulnerability prioritization across enterprise environments.
Addressing AI hallucinations through prompt engineering and proper context management rather than avoiding AI implementation entirely.
Building detection capabilities using SQL and Python for analytics that provide supersets of traditional SIEM query languages.
Creating normalization frameworks using standards like OCSF to enable consistent data analytics across diverse security data sources.
Developing career resilience in security through mission-focused thinking, continuous AI learning, and building practical skills.
Comparing modern AI agents to traditional SOAR platforms for automation effectiveness and maintenance requirements.
Establishing data governance and access controls in security data lakes while maintaining operational flexibility and cost effectiveness.

Listen to more episodes: Apple, Spotify, YouTube, Website
Join hosts Jeff Steadman and Jim McDonald as they explore the critical intersection of attack surface management (ASM) and digital identity with Dan Lauritzen, Director with RSM Defense - RSM's Managed Security Team. This episode dives deep into how identity has become a key component of your organization's attack surface and why breaking down silos between identity teams and Security Operations Centers is more crucial than ever.

Dan brings a unique perspective from his military background as a human intelligence collector to his current role in detection and response. Learn about the cyber kill chain, understand when you might have too much data, and discover practical strategies for treating identities as assets that need continuous protection.

Whether you're an identity practitioner looking to expand your security knowledge or a cybersecurity professional wanting to better understand identity's role in attack surface management, this conversation offers valuable insights and actionable takeaways.

Key topics include XDR platforms, ITDR tools, the evolution from legacy SIEM to modern detection systems, and why the future of security requires collaboration between traditionally separate teams.

Chapter Timestamps
00:00 - Introduction and Industry Trends
01:00 - AI and Technology Disruption Discussion
02:00 - Upcoming Conference Schedule and Discount Codes
04:00 - Podcast Milestone - Approaching One Million Downloads
06:30 - Introducing Dan Lauritzen and RSM Defense Team
09:00 - Dan's Background - From Military to Cybersecurity
12:00 - What is Attack Surface Management?
14:00 - Treating Identities as Assets
16:00 - The Cyber Kill Chain Explained
18:00 - Why Identity and SOC Teams Operate in Silos
21:00 - The Role of Data in Modern Security Operations
23:00 - Continuous Identity Management and Shared Signals Framework
26:00 - Can You Have Too Much Data?
29:00 - Breaking Down Silos Between Identity and SOC Teams
32:00 - Practical Collaboration Strategies
34:00 - SIEM vs XDR vs ITDR - Understanding the Tool Landscape
41:00 - Pragmatic Security Strategies and Metrics
44:00 - Biggest Misconceptions About Attack Surface Management
45:00 - Military Background - Human Intelligence Collection
48:00 - Communication Tips for Better Information Gathering
51:00 - Closing and Contact Information

Connect with Dan: https://www.linkedin.com/in/daniel-lauritzen-67545045/
Cyber Kill Chain: https://en.wikipedia.org/wiki/Cyber_kill_chain
Learn more about RSM:
RSM Defense Managed Security: https://rsmus.com/services/risk-fraud-cybersecurity/managed-security-services.html
RSM Digital Identity: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Lauritzen, RSM, attack surface management, cybersecurity, digital identity, SOC, Security Operations Center, XDR, ITDR, SIEM, cyber kill chain, detection and response, identity security, human intelligence, military cybersecurity, continuous identity management, shared signals framework, UEBA, threat detection, zero trust, privileged access management, identity governance, security metrics, vendor management, cloud security, endpoint security, data correlation, security silos, collaboration strategies, identity assets, orphaned accounts, entitlement creep, attack surface reduction, security automation, AI in security, machine learning security, identity sprawl, security tools, cybersecurity consulting, managed security services, security monitoring, incident response, threat hunting, vulnerability management, risk assessment, compliance, security architecture, defense strategy
Black Hat 2025: Crogl's CEO Monzy Merza Explains How AI Can Help Eliminate Alert Fatigue in Cybersecurity

Crogl CEO Monzy Merza discusses how AI-driven security platforms automate alert investigation using enterprise knowledge graphs, enabling analysts to focus on threat hunting while maintaining data privacy.

Security teams drowning in alerts finally have a lifeline that doesn't compromise their data sovereignty. At Black Hat USA 2025, Crogl CEO Monzy Merza revealed how his company is tackling one of cybersecurity's most persistent challenges: the overwhelming volume of security alerts that leaves analysts either ignoring potential threats or burning out from investigation fatigue.

The problem runs deeper than most organizations realize. Merza observed analysts routinely closing hundreds of alerts with a single click, not from laziness or malice, but from sheer necessity. "When you look at the history of breaches, the signal of the breach was there. And somebody ignored it," he explained during his ITSPmagazine interview, highlighting a critical gap between alert generation and meaningful investigation.

Traditional approaches have failed because they expect human analysts to become "unicorns" - experts capable of mastering multiple data platforms simultaneously while remembering complex query languages and schemas. This unrealistic expectation has created what Merza calls the "human unicorn challenge," where organizations struggle to find personnel who can effectively navigate their increasingly complex security infrastructure.

Crogl's solution fundamentally reimagines the relationship between human intuition and machine automation. Rather than forcing analysts to adapt to multiple tools, the platform creates a semantic knowledge graph that maps data relationships across an organization's entire security ecosystem. When alerts arrive, the system automatically conducts investigations using established kill chain methodologies, freeing analysts to focus on higher-value activities like threat hunting and strategic security initiatives.

The privacy-first architecture addresses growing concerns about data sovereignty. Operating as a completely self-contained system with no internet dependencies, Crogl can run air-gapped in the most sensitive environments, including defense intelligence communities. The platform connects to existing tools through APIs without requiring data movement, duplication, or transformation.

Real-world results demonstrate the platform's versatility. One customer discovered their analysts were using Crogl for fraud detection - an application never intended by the original design. The system's ability to process natural language descriptions and convert them into executable security processes has reduced response times from weeks to minutes for complex threat hunting operations.

For security leaders evaluating AI integration, Merza advocates an experimental approach. Rather than attempting comprehensive transformation, he suggests starting with focused pilot programs that address specific pain points. This measured strategy allows organizations to validate AI's value while maintaining operational stability.

The broader implications extend beyond security operations. By removing technical barriers and emphasizing domain expertise over tool competency, platforms like Crogl enable security teams to become strategic business enablers rather than reactive alert processors. Organizations gain the flexibility to maintain their preferred data architectures while ensuring comprehensive security coverage across distributed environments.

As cyber threats continue evolving, the industry's response must prioritize both technological capability and human potential. Solutions that enhance analyst intuition while automating routine tasks represent a sustainable path forward for security operations at scale.

Watch the full interview: https://youtu.be/0GqPtPXD2ik
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content. Learn more.
Guest: Monzy Merza, Founder and CEO of CROGL | On Linkedin: https://www.linkedin.com/in/monzymerza/
Resources
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025

A Stellar Cyber Event. Coverage of Black Hat USA 2025, Las Vegas.
An ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber

Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.

Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.

The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.

What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.

The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.

Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.

The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.

Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.

The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.

Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.

As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations.

Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947
Note: This story contains promotional content. Learn more.
Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/
Resources
Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Ed Bailey, Field CISO at Cribl, shares how Cribl and AWS are helping customers rethink their data strategy by making it easier to modernize, reduce complexity, and unlock long-term flexibility.

Topics Include:
- Ed Bailey introduces topic: bridging gap between security data requirements and budget
- Companies face mismatch: 10TB data needs vs 5TB licensing budget constraints
- Data volumes growing exponentially while budgets remain relatively flat year-over-year
- IT security data differs from BI: enormous volume, variety, complexity
- Many companies discover 600+ data sources during SIEM migration projects
- 50% of SIEM data remains un-accessed within 90 days of ingestion
- Complex data collection architectures break frequently and require excessive maintenance
- Teams spend 80% time collecting data, only 20% analyzing for value
- Data collection and storage are costs; analytics and insights provide business value
- Poor data quality creates operational chaos requiring dozens of browser tabs
- SOC analysts struggle with context switching across multiple disconnected systems
- Traditional vendor approach: "give us all data, we'll solve problems" is outdated
- Data modernization requires sharing information widely across organizational business units
- Data maturity model progression: patchwork → efficiency → optimization → innovation
- Data tiering strategy: route expensive SIEM data vs cheaper data lake storage
- SIEM costs ~$1/GB while data lakes cost ~$0.15-0.20/GB for storage
- Compliance retention data should go to object storage at penny fractions
- Decouple data retention from vendor tools to enable migration flexibility
- Cribl platform offers integrated solutions: Stream, Search, Lake, Edge components
- Customer success: Siemens reduced 5TB to 500GB while maintaining security effectiveness

Participants:
Edward Bailey – Field CISO, Cribl

Further Links:
Cribl Website
Cribl on AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Guest: Manija Poulatova, Director of Security Engineering and Operations at Lloyd's Banking Group Topics: SIEM migration is hard, and it can take ages. Yours was - given the scale and the industry - on a relatively short side of 9 months. What's been your experience so far with that and what could have gone faster? Anton might be a “reformed” analyst but I can't resist asking a three legged stool question: of the people/process/technology aspects, which are the hardest for this transformation? What helped the most in solving your big challenges? Was there a process that people wanted to keep but it needed to go for the new tool? One thing we talked about was the plan to adopt composite alerting techniques and what we've been calling the “funnel model” for detection in Google SecOps. Could you share what that means and how your team is adopting? There are a lot of moving parts in a D&R journey from a process and tooling perspective, how did you structure your plan and why? It wouldn't be our show in 2025 if I didn't ask at least one AI question! What lessons do you have for other security leaders preparing their teams for the AI in SOC transition? Resources: EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise EP184 One Week SIEM Migration: Fact or Fiction? EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 “Maverick” — Scorched Earth SIEM Migration FTW! blog “Hack the box” site
Centralize, retain, and query high-volume, long-term security data across Microsoft and third-party sources for up to 12 years using Microsoft Sentinel's new unified data lake. Correlate signals, run advanced analytics, and perform forensic investigations from a single copy of data—without costly migrations or data silos. Detect persistent, low-and-slow attacks with greater visibility, automate responses using scheduled jobs, and generate predictive insights by combining Copilot, KQL, and machine learning. Vandana Mahtani, Microsoft Sentinel Principal Product Manager shows how to uncover long-running threats, streamline investigations, and automate defenses—all within a unified, AI-powered SIEM experience. ► QUICK LINKS: 00:00 - Microsoft Sentinel Data Lake 01:49 - Data Management 02:46 - Table Management 03:36 - Data Lake exploration 04:17 - Advanced Hunting 05:23 - Query retention data 06:16 - Automate threat detection 07:18 - Move from reactive to predictive 08:50 - Wrap up ► Link References Check out https://aka.ms/SentinelDataLake ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Paradyn, one of Ireland's leading managed service and cybersecurity providers, has announced projected revenues of over €1.6 million in 2025 from its strategic partnership with ManageEngine, a global provider of enterprise IT management solutions. This marks a significant 100% increase from the €800,000 recorded in 2024. With a focus on the public sector, Paradyn forecasts continued momentum, anticipating 40% year-on-year growth in revenues from ManageEngine offerings. Paradyn has successfully delivered ManageEngine solutions to more than 50,000 users across 40 public sector organisations and government agencies in Ireland, including the ESB, Teagasc, National Concert Hall, Dun Laoghaire County Council, Cork County Council, and Kildare County Council. The partnership has also enabled Paradyn to expand its public sector client base by 20%, underscoring the demand for robust, scalable IT management tools within government institutions. ManageEngine, the IT management division of Zoho Corporation, provides a broad suite of more than 60 enterprise-grade tools that address the end-to-end IT operations lifecycle - covering network and server monitoring, endpoint management, IT service management (ITSM), identity and access management, and security information and event management (SIEM). These tools empower public sector bodies to increase automation, improve visibility across their IT environments, reduce operational costs, and bolster their cybersecurity posture - all while ensuring that services to citizens are delivered reliably and securely. Paradyn's in-depth knowledge of public sector IT requirements, combined with its cybersecurity consulting and professional services, ensures that ManageEngine implementations are aligned with Ireland's evolving regulatory landscape, including the EU's NIS2 directive. Together, the two organisations offer a comprehensive and scalable solution for managing IT infrastructure securely and efficiently.
Grace McCauley, Head of Sales - Managed Services, Paradyn, said: "Our partnership with ManageEngine allows us to deliver best-in-class IT management and cybersecurity solutions tailored to the public sector. As public services continue to digitalise, the need for reliable, secure, and cost-effective infrastructure becomes paramount. We're proud to be supporting the government in delivering modern, resilient digital services to citizens." ManageEngine's proven technology and Paradyn's hands-on approach help public sector agencies future-proof their IT environments, safeguard sensitive citizen data, and achieve operational excellence in an increasingly complex threat landscape. See more stories here. More about Irish Tech News Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news If you'd like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss. Irish Tech News have a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can help you reach our audience. You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.
Guest: Svetla Yankova, Founder and CEO, Citreno Topics: Why do so many organizations still collect logs yet don't detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not “winning” against Tier 1 ... or even Tier 5 adversaries? What are the hardest parts about getting the right context into a SOC analyst's face when they're triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above? What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they're buying? Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015? Do you expect people to write their own detections? Detecting engineering seems popular with elite clients and nobody else, what can we do? Do you think AI will change how we SOC (Tim: “SOC” is not a verb?) in the next 1- 3 -5 years? Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes? Resources: EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering “RSA 2025: AI's Promise vs. Security's Past — A Reality Check” blog Citreno, The Backstory “Parenting Teens With Love And Logic” book (as a management book) “Security Correlation Then and Now: A Sad Truth About SIEM” blog (the classic from 2019)
Alan Braithwaite is Co-Founder & CTO of RunReveal, the security data platform with real-time monitoring, built-in detections, and AI-powered investigations. Today, they manage and analyze security logs for teams at Harvey, ClickHouse, Cloudflare, and Temporal. RunReveal has multiple open source projects including event stream processing library kawa and query language pql. RunReveal has raised from investors including Costanoa, Modern Technical Fund, and Runtime Ventures.

In this episode, we dig into:
- Why today's modern security teams are rethinking data management
- The benefits of building RunReveal on ClickHouse
- How they worked with early believers / customers like Temporal
- Their open source strategy and building trust with the community through open sourcing components like their event processing library
- Their MCP server and enabling security teams to use AI to automate investigations (including the launch of their new remote MCP server)
Ekco, one of Europe's leading security-first managed service providers, has announced that it has acquired Adapt IT, a Cork-headquartered IT managed service provider (MSP). The new deal, which is Ekco's sixth acquisition in two years, brings Ekco's total acquisition investment to €57 million within this timeframe. In business for more than 20 years, Adapt IT employs 37 people at its Cork location, serving customers in the small-and-medium-sized enterprises (SME) market. Its 300-strong customer base operates in industries such as manufacturing, retail, hospitality, legal, and finance. The deal bolsters Ekco's ability to support fast-growing SMEs with unified, secure, and scalable technology solutions. The acquisition of Adapt IT brings Ekco's global headcount to more than 1,000 employees and adds a seventh Irish location to its growing regional network. In addition to its three sites in Dublin, Ekco now operates in Cork, Waterford, and Laois, as well as across the UK, Netherlands, South Africa, and Malaysia. Adapt IT's expertise in Microsoft solutions will strengthen Ekco's modern working service offering for its customers, and its MSP focus will further build upon Ekco's existing managed service capabilities. Adapt IT's customer base will now benefit from Ekco's suite of advanced cloud services, automation expertise, and cybersecurity capabilities in areas including security information and event management (SIEM), security operations centres (SOC), and backup. As the cybersecurity regulatory landscape continues to evolve, Ekco will also provide peace of mind through its compliance services. Additionally, Adapt IT's teams will be able to avail of comprehensive upskilling, certification, and continuous learning opportunities to keep pace with industry demand. The deal is the latest in Ekco's wider acquisition strategy for growth and brings the total number of businesses acquired by Ekco in the last two years to six. 
Earlier this year, the company announced the purchase of Predatech, a UK-based cybersecurity consultancy. In 2024, it added UK legal IT specialist CTS to its portfolio of companies. 2023 saw the additions of MSPs Radius and Bluecube, as well as cloud migration and cybersecurity specialist iSystems. Cian Prendergast, CEO at Ekco MSP, said: "The acquisition of Adapt IT is the latest move in our aggressive expansion strategy which targets key acquisitions combined with sustained business growth. This strategy reflects an investment in innovation that will make us in Ekco, and our acquired companies, stronger as a result. We're building a modern, security-first MSP that helps ambitious businesses to operate with confidence and resilience. "Adapt IT, like us, is a cloud-first business that reflects our culture and has had tremendous success in building a nationwide customer base. By bringing our two companies together, we will enhance our regional footprint in a location where we see vast opportunities for our expansion, while also combining our knowledge and services to pioneer the demands of the modern enterprise. It strengthens our position as the go-to IT partner for businesses who want the reliability of a national partner with the responsiveness of a local team." John Levis, Managing Director, Adapt IT, said: "We are delighted to join the Ekco group, an Irish-founded business which is on an impressive growth trajectory. This will enable us to continue to deliver top-tier services to businesses, backed up by the skills and resources of a larger group. We are seeing that even smaller businesses are seeking enterprise-grade IT and cybersecurity solutions - Ekco's expertise will help us to meet this growing demand as the volume and complexity of cyber threats continues to rise." See more stories here.
Guest: David French, Staff Adoption Engineer, Google Cloud Topic: Detection as code is one of those meme phrases I hear a lot, but I'm not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it? What gets better for security teams and security outcomes when you start managing in a DAC world? What is primary, actual code or using SWE-style process for detection work? Not every SIEM has a good set of APIs for this, right? What's a team to do in a world of no or low API support for this model? If we're talking about as-code models, one of the important parts of regular software development is testing. How should teams think about testing their detection corpus? Where do we even start? Smoke tests? Unit tests? You talk about a rule schema–you might also think of it in code terms as a standard interface on the detection objects–how should organizations think about standardizing this, and why should they? If we're into a world of detection rules as code and detections as code, can we also think about alert handling via code? This is like SOAR but with more of a software engineering approach, right? One more thing that stood out to me in your presentation was the call for sharing detection content. Is this between vendors, vendors and end users? Resources: Can We Have “Detection as Code”? 
Testing in Detection Engineering (Part 8) “So Good They Can't Ignore You: Why Skills Trump Passion in the Quest for Work You Love” book EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther Getting Started with Detection-as-Code and Google SecOps Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise From soup to nuts: Building a Detection-as-Code pipeline David French - Medium Blog Detection Engineering Maturity Matrix
Cribl's Field CISO Ed Bailey discusses how customers can manage the quality and quantity of data by providing intelligent controls between data sources and destinations.

Topics Include:
- Cribl company name origin
- Company helps organizations screen data to find valuable insights
- Ed Bailey was Cribl's first customer back in 2018
- Data growth of 25% yearly created seven-figure cost increases
- CEOs and CIOs complained about explosive data storage costs
- Users demanded more data while budgets remained constrained
- Bailey discovered Cribl through a random Facebook advertisement
- Cribl Stream sits between data sources and destinations
- No new agents required, uses existing infrastructure connections
- Reduced data growth from 28% to 8% within year
- Development cycles shortened from six weeks to two weeks
- Bailey managed global security and telemetry data systems
- Operated large Splunk instance across forty different countries
- Team spent time collecting data instead of extracting value
- Cribl provided consistent data control plane for operations
- Smart engineers could focus on machine learning solutions
- Migrated from terrible SIEM to better security platform
- Data strategy should focus on business requirements first
- Not all data has the same business value
- Tier one: Critical data goes to expensive platforms
- Tier two: Important data stored in cheaper lakes
- Tier three: Compliance data in low-cost object storage
- SIEM costs around one dollar per gigabyte stored
- Data lakes cost twelve to eighteen cents per gigabyte
- Object storage costs fractions of pennies per gigabyte
- AWS partnership provides scalable infrastructure for rapid growth
- EC2, EKS, and S3 are heavily utilized services
- Cribl Search finds data directly in object storage
- Avoids costly data movement for search and analysis

Participants:
Edward Bailey – Field CISO, Cribl

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Segment 1 - Interview with Rob Allen from Threatlocker Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry's first AI native,unified Data Security Platform. Yotam Segev, Cyera's CEO sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera's skyrocketing growth, its founding story and why an increasing number of Fortune500 companies are partnering with Cyera, and the company's latest product release: Adaptive DLP, a new AI data loss prevention solution. Recent Cyera News: Cyera Breaks World Record as the Fastest-Growing Data Security Company in History Data Security Leader Cyera Secures $300M in Series D Funding Cyera Acquires Trail Security for $162M Cyera Launches Data Incident Response Service Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them! Blumira In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it's a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. 
Matthew's vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run. Blumira Partners Blumira Launches New M365 Threat Response Feature Security should be accessible to everyone. At Blumira, we're building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-411
This is a free preview of a paid episode. To hear more, visit smokeempodcast.substack.com

Brooke Siem is the author of the 2022 memoir, May Cause Side Effects, about the decade and a half she spent on anti-depressants (prescribed after her father died when she was 15) and what happened when she ditched them. Sarah is currently on anti-depressants, though she wonders whether she needs them. Nancy is not on SSRIs, though she was part of a gentle brigade who nudged Sarah to increase her dosage last year. This is a complicated knot! The ladies talk about over-medication, how cultural taboos migrate, and the problem with treating sadness, anger, frustration — very human emotions — with a pill.

Also discussed:
* Nancy suddenly cares about the Navy; Sarah questions this
* That time Brooke wore a foxy denim jumper
* "Chemical imbalance" is a hoodwink
* The "Come Out of the Dark Campaign" meant to eradicate depression stigma leads to an explosion of SSRI prescriptions
* SSRIs and orgasm
* The opiate epidemic tracks with the anti-depressant era
* "Chemical castration" didn't start with puberty blockers …
* 70s-80s Ritalin vogue
* Related: Does Ritalin suppress male growth?
* Hold up: a link between transitioning genders and SSRIs?
* Drinking and depression, a tangled saga
* "Headaches are caused by an Advil deficiency"
* Beware Wellbutrin
* Gothic SSRI withdrawal
* "I never boned a cabbie … that I'm aware of."
* That time Sarah went hypomanic …
* 1 in 4 American women are on anti-depressants
* The hormones and menopause of it all
* "Fuck you, person at Whole Foods!"
* Big Pharma / Big Food = same playbook, different expression
* "Do you bake with yeast?"
* WTF with Pol Pot?

Plus, boozy cupcakes, a coyote sighting, was Tom Cruise right about pharmaceuticals — and much more! This one's a banger! Listen to the whole shebang when you become a paid subscriber.
After the second round of talks between the Ukrainian and Russian delegations in Istanbul, the demands of both sides are now on the table. It is good that the two are finally talking to each other again. Hopes for an imminent ceasefire, let alone peace, are not warranted, however, since the positions of the two sides are miles apart. And yet it seems that not even
Read more
Guest Alan Braithwaite, Co-founder and CTO @ RunReveal Topics: SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now? Decoupled SIEM vs SIEM/EDR/XDR combo. These point in the opposite directions, which side do you think will win? In a world where data volumes are exploding, especially in cloud environments, you're building a SIEM with ClickHouse as its backend, focusing on both parsed and raw logs. What's the core advantage of this approach, and how does it address the limitations of traditional SIEMs in handling scale? Cribl, Bindplane and “security pipeline vendors” are all the rage. Won't it be logical to just include this into a modern SIEM? You're envisioning a 'Pipeline QL' that compiles to SQL, enabling 'detection in SQL.' This sounds like a significant shift, and perhaps not to the better? (Anton is horrified, for once) How does this approach affect detection engineering? With Sigma HQ support out-of-the-box, and the ability to convert SPL to Sigma, you're clearly aiming for interoperability. How crucial is this approach in your vision, and how do you see it benefiting the security community? What is SIEM in 2025 and beyond? What's the endgame for security telemetry data? Is this truly SIEM 3.0, 4.0 or whatever-oh? Resources: EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures “20 Years of SIEM: Celebrating My Dubious Anniversary” blog “RSA 2025: AI's Promise vs. Security's Past — A Reality Check” blog tl;dr security newsletter Introducing a RunReveal Model Context Protocol Server! MCP: Building Your SecOps AI Ecosystem AI Runbooks for Google SecOps: Security Operations with Model Context Protocol
If you like what you hear, please subscribe, leave us a review and tell a friend!
Organizations are demanding more from their IT management platforms—not just toolsets, but tailored systems that meet specific business and security objectives. Vivin Sathyan, Senior Technology Evangelist at ManageEngine, shares how the company is responding with an integrated approach that connects IT, security, and business outcomes.

ManageEngine, a division of Zoho Corporation, now offers a suite of over 60 products that span identity and access management, SIEM, endpoint protection, service management, and analytics. These components don't just coexist—they interact contextually. Vivin outlines a real-world example from the healthcare sector, where a SIEM tool detects abnormal login behavior, triggers an identity system to challenge access, and then logs the incident for IT service resolution. This integrated chain reflects a philosophy where response is not just fast, but connected and accountable.

At the heart of the platform's effectiveness is contextual intelligence—layered between artificial intelligence and business insights—to power decision-making that aligns with enterprise risk and compliance needs. Whether it's SOC analysts triaging events, CIS admins handling system hygiene, or CISOs aligning actions with corporate goals, the tools are tailored to fit roles, not just generic functions. According to Vivin, this role-based approach is critical to eliminating silos and ensuring teams speak the same operational and risk language.

AI continues to play a role in enhancing that coordination, but ManageEngine is cautious not to follow hype for its own sake. The company has invested in its own AI and ML capabilities since 2012, and recently launched an agent studio—but only after evaluating how new models can meaningfully add value. Vivin points out that enterprise use cases often benefit more from small, purpose-built language models than from massive general-purpose ones.

Perhaps most compelling is ManageEngine's global-first strategy. With operations in nearly 190 countries and 18+ of its own data centers, the company prioritizes proximity to customers—not just for technical support, but for cultural understanding and local compliance. That closeness informs both product design and customer trust, especially as regulations around data sovereignty intensify.

This episode challenges listeners to consider whether their tools are merely present—or actually connected. Are you enabling collaboration through context, or just stitching systems together and calling it a platform?

Learn more about ManageEngine: https://itspm.ag/manageen-631623

Note: This story contains promotional content.

Guest: Vivin Sathyan, Senior Technology Evangelist, ManageEngine | https://www.linkedin.com/in/vivin-sathyan/

Resources
Learn more and catch more stories from ManageEngine: https://www.itspmagazine.com/directory/manageengine
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Guests: no guests, just us in the studio

Topics: At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential? Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully automated security operations? Does "AI SOC" work according to the RSA floor? How realistic is the vision expressed by some [yes, really!] that AI progress could lead to technical teams, including IT and security, shrinking dramatically or even to zero in a few years? Why do companies continue to rely on decades-old or "non-leading" security technologies, and what role does the concept of an "organizational change budget" play in this inertia? Is being "AI Native" fundamentally better for security technologies compared to adding AI capabilities to existing platforms, or is the jury still out? Got "an AI-native SIEM"? Be ready to explain how yours is better!

Resources: EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines?; EP119 RSA 2023 - What We Saw, What We Learned, and What We're Excited About; EP70 Special - RSA 2022 Reflections - Securing the Past vs Securing the Future; RSA ("RSAI") Conference 2024 Powered by AI with AI on Top — AI Edition (Hey AI, Is This Enough AI?) [Anton's RSA 2024 recap blog]; New Paper: "Future of the SOC: Evolution or Optimization — Choose Your Path" (Paper 4 of 4.5) [talks about the change budget discussed]
In this On Location Brand Story episode, Sean Martin speaks with Hugh Njemanze, Founder and CEO of Anomali, who has been at the center of cybersecurity operations since the early days of SIEM. Known for his prior work at ArcSight and now leading Anomali, Hugh shares what's driving a dramatic shift in how security teams access, analyze, and act on data.

Anomali's latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.

Agentic AI Meets Threat Intelligence

Hugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali's AI operates within a secure, bounded dataset tailored to the customer's environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization's specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn't just contextual awareness—it's operational intelligence at speed and scale.

Making Security More Human-Centric

One clear theme emerges: the democratization of security tools. With Anomali's design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.

Real-World Results and Risk Insights

Customers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali's system doesn't just detect—it correlates attack surface data with threat activity to highlight what's both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.

Learn more about Anomali: https://itspm.ag/anomali-bdz393

Note: This story contains promotional content.

Guest: Hugh Njemanze, Founder and President at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/

Resources
Learn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomali
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Honeypot Iptables Maintenance and DShield-SIEM Logging
In this diary, Jesse talks about some of the tasks involved in maintaining a honeypot, like keeping Filebeat up to date and adjusting configurations in case your dynamic IP address changes.
https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876

XRPL.js Compromised
An unknown actor was able to push malicious updates of the XRPL.js library to NPM. The library is officially recommended for writing Ripple (XRP) cryptocurrency code. The malicious library exfiltrated secret keys to the attacker.
https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx

Cisco Equipment Affected by Erlang/OTP SSH Vulnerability
Cisco published an advisory explaining which of its products are affected by the critical Erlang/OTP SSH library vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
Default deny is an old and very recognizable term in security. Most folks who have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. Implementing default deny principles elsewhere was attempted, but without much success. Internal networks (NAC) and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up. Default deny is still an ideal approach to protecting assets and data against attacks; what it needed was a better approach, one that could be implemented at scale, with less overhead. This is what we'll be talking to ThreatLocker's CEO and co-founder, Danny Jenkins, about on this episode. They seem to have cracked the code here and are eager to share how they did it.

This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!

We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem, which is why we're seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don't even need to give up an email address to read it! In this interview, we'll talk through some of the highlights: challenges, myths, pillars of a data security strategy, and understanding the tools available.

Segment Resources: A Leader's Guide to Security Data Strategy eBook

In the enterprise security news: new startup funding; what happened to the cybersecurity skills shortage?; tools for playing with local GenAI models; CVE assignment drama; a SIEM-agnostic approach to detection engineering; a pitch for charity; and a lost dog that doesn't want to be found. All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-402